Link to home
Start Free TrialLog in
Avatar of jplagens
jplagensFlag for United States of America

asked on

ASA 5505 8.4 Port Redirection

I'm having some issues with port redirection on an ASA 5505 running post 8.4 software.  I have an internal webserver listening on TCP port 8040.  To make it easier on users I want them to use port 80 externally and I will redirect the inbound requests to port 8040. I also use port 8041, but it remains the same internally and externally.

In my 8.2 config this worked great.  This WAS my config:

access-list INBOUND_ACL extended permit tcp any interface outside eq www
access-list INBOUND_ACL extended permit tcp any interface outside eq 8041

static (inside,outside) tcp interface www 172.16.11.102 8040 netmask 255.255.255.255
static (inside,outside) tcp interface 8041 172.16.11.102 8041 netmask 255.255.255.255


In my 9.2 config, I am having some issues.  This is what my config looks like now and it is not working.  


object service WWW
 service tcp source eq www
 
object service PORT_8040
 service tcp source eq 8040
 
 object service PORT_8041
 service tcp source eq 8041

object network WEBSERVER
 host 172.16.11.102
 

access-list INBOUND_ACL extended permit tcp any host 172.16.11.102 eq www
access-list INBOUND_ACL extended permit tcp any host 172.16.11.102 eq 8041
 
nat (inside,outside) source static WEBSERVER interface service WWW PORT_8040
nat (inside,outside) source static WEBSERVER interface service PORT_8041 PORT_8041
Avatar of Pete Long
Pete Long
Flag of United Kingdom of Great Britain and Northern Ireland image

object network Internal_Web_Server-WWW
host 172.16.11.102
nat (inside,outside) static interface service tcp www www
object network Internal_Web_Server-8041
host 172.16.11.102
nat (inside,outside) static interface service tcp 8041 8041
access-list INBOUND_ACL permit tcp any object Internal_Web_Server-WWW eq www
access-list INBOUND_ACL permit tcp any object Internal_Web_Server-8041 eq 8041

Should do you

Pete
Avatar of jplagens

ASKER

That didn't seem to work.  That config appears to be translating port 80 on the outside and inside.  I need to source port 80 from the outside and redirect to destination port 8040 on the inside.

I also tried this and it didn't work:

object network Internal_Web_Server-WWW
 host 172.16.11.102
 nat (inside,outside) static interface service tcp www 8040
ASKER CERTIFIED SOLUTION
Avatar of jplagens
jplagens
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Problem resolved by poster.